Showing papers on "Secure two-party computation published in 2018"

Secure Multi-Party Computation

Abstract: Secure multi-party computation (SMC) is an emerging topic which has been drawing growing attention during recent decades. There are many examples which show importance of SMC constructions in practice, such as privacy-preserving decision making and machine learning, auctions, private set intersection, and others. In this tutorial, we provide a comprehensive coverage of SMC techniques, starting from precise definitions and fundamental techniques. Consequently, a significant portion of the tutorial focuses on recent advances in general SMC constructions. We cover garbled circuit evaluation (GCE) and linear secret sharing (LSS) which are commonly used for secure two-party and multi-party computation, respectively. The coverage includes both standard adversarial models: semi-honest and malicious. For GCE, we start with the original Yao's garbled circuits construction [30] for semi-honest adversaries and consequently cover its recent optimizations such as the "free XOR,'' the garbled row reduction, the half-gates optimization, and the use of AES NI techniques. We follow with a discussion of techniques for making GCE resilient to malicious behavior, which includes the cut-and-choose approach and additional techniques to deter known attacks in the presence of malicious participants. In addition, we include the-state-of-the-art protocols for oblivious transfer (OT) and OT extension in the presence of semi-honest and malicious users. For LSS, we start from standard solutions for the semi-honest adversarial model including [5, 28] and consequently move to recent efficient constructions for semi-honest and malicious adversarial models. The coverage includes different types of corruption thresholds (with and without honest majority), which imply different guarantees with respect to abort.

Combining Private Set-Intersection with Secure Two-Party Computation

Abstract: Private Set-Intersection (PSI) is one of the most popular and practically relevant secure two-party computation (2PC) tasks. Therefore, designing special-purpose PSI protocols (which are more efficient than generic 2PC solutions) is a very active line of research. In particular, a recent line of work has proposed PSI protocols based on oblivious transfer (OT) which, thanks to recent advances in OT-extension techniques, is nowadays a very cheap cryptographic building block. Unfortunately, these protocols cannot be plugged into larger 2PC applications since in these protocols one party (by design) learns the output of the intersection. Therefore, it is not possible to perform secure post-processing of the output of the PSI protocol. In this paper we propose a novel and efficient OT-based PSI protocol that produces an “encrypted” output that can therefore be later used as an input to other 2PC protocols. In particular, the protocol can be used in combination with all common approaches to 2PC including garbled circuits, secret sharing and homomorphic encryption. Thus, our protocol can be combined with the right 2PC techniques to achieve more efficient protocols for computations of the form \(z=f(X\cap Y)\) for arbitrary functions f.

Optimizing Authenticated Garbling for Faster Secure Two-Party Computation

Abstract: Wang et al. (CCS 2017) recently proposed a protocol for malicious secure two-party computation that represents the state-of-the-art with regard to concrete efficiency in both the single-execution and amortized settings, with or without preprocessing. We show here several optimizations of their protocol that result in a significant improvement in the overall communication and running time. Specifically: We show how to make the “authenticated garbling” at the heart of their protocol compatible with the half-gate optimization of Zahur et al. (Eurocrypt 2015). We also show how to avoid sending an information-theoretic MAC for each garbled row. These two optimizations give up to a 2.6\(\times \) improvement in communication, and make the communication of the online phase essentially equivalent to that of state-of-the-art semi-honest secure computation. We show various optimizations to their protocol for generating AND triples that, overall, result in a 1.5\(\times \) improvement in the communication and a 2\(\times \) improvement in the computation for that step.

Optimizing Authenticated Garbling for Faster Secure Two-Party Computation.

Abstract: Wang et al. (CCS 2017) recently proposed a protocol for malicious secure two-party computation that represents the state-of-the-art with regard to concrete efficiency in both the single-execution and amortized settings, with or without preprocessing. We show here several optimizations of their protocol that result in a significant improvement in the overall communication and running time. Specifically: We show how to make the “authenticated garbling” at the heart of their protocol compatible with the half-gate optimization of Zahur et al. (Eurocrypt 2015). We also show how to avoid sending an information-theoretic MAC for each garbled row. These two optimizations give up to a 2.6\(\times \) improvement in communication, and make the communication of the online phase essentially equivalent to that of state-of-the-art semi-honest secure computation. We show various optimizations to their protocol for generating AND triples that, overall, result in a 1.5\(\times \) improvement in the communication and a 2\(\times \) improvement in the computation for that step.

More Practical Privacy-Preserving Machine Learning as A Service via Efficient Secure Matrix Multiplication

Abstract: An efficient secure two-party computation protocol of matrix multiplication allows privacy-preserving cloud-aid machine learning services such as face recognition and traffic-aware navigation. We use homomorphic encryption to construct a secure matrix multiplication protocol with a small communication overhead and computation overhead on the client's side, which works particularly well when a large number of clients access to the server simultaneously. The fastest secure matrix multiplication protocols have been constructed using tools such as oblivious transfer, but a potential limitation of these methods is the needs of using a wide network bandwidth between the client and the server, e.g., 10~Gbps. This is of particular concern when thousands of clients interact with the server concurrently. Under this setting, the performance oblivious transfer-based methods will decrease significantly, since the server can only allocate a small ratio of its outgoing bandwidth for each client. With three proposed optimizations, our matrix multiplication protocol can run very fast even under the high concurrent setting. Our benchmarks show that it takes an Amazon instance (i.e., 72 CPUs and 25 Gbps outgoing bandwidth) less than 50 seconds to complete 1000 concurrent secure matrix multiplications with $128\times 128$ entries. In addition, our method reduces more than $74% - 97%$ of the precomputation time of two privacy-preserving machine learning frameworks, SecureML (S&P'17) and MiniONN (CCS'17).

Symbolic Security of Garbled Circuits

Abstract: We present the first computationally sound symbolic analysis of Yao's garbled circuit construction for secure two party computation. Our results include an extension of the symbolic language for cryptographic expressions from previous work on computationally sound symbolic analysis, and a soundness theorem for this extended language. We then demonstrate how the extended language can be used to formally specify not only the garbled circuit construction, but also the formal (symbolic) simulator required by the definition of security. The correctness of the simulation is proved in a purely syntactical way, within the symbolic model of cryptography, and then translated into a concrete computational indistinguishability statement via our general computational soundness theorem. We also implement our symbolic security framework and the garbling scheme in Haskell, and our experiment shows that the symbolic analysis performs well and can be done within several seconds even for large circuits that are useful for real world applications.

Quantum secure two-party computation for set intersection with rational players

Abstract: Recently, Shi et al. (Phys Rev A 92:022309, 2015) proposed quantum oblivious set member decision protocol where two legitimate parties, namely Alice and Bob, play a game. Alice has a secret k, and Bob has a set $$\{k_1,k_2,\ldots k_n\}$$ . The game is designed towards testing if the secret k is a member of the set possessed by Bob without revealing the identity of k. The output of the game will be either “Yes” (bit 1) or “No” (bit 0) and is generated at Bob’s place. Bob does not know the identity of k, and Alice does not know any element of the set. In a subsequent work (Shi et al in Quant Inf Process 15:363–371, 2016), the authors proposed a quantum scheme for private set intersection (PSI) where the client (Alice) gets the intersected elements with the help of a server (Bob) and the server knows nothing. In the present draft, we extended the game to compute the intersection of two computationally indistinguishable sets X and Y possessed by Alice and Bob, respectively. We consider Alice and Bob as rational players, i.e. they are neither “good” nor “bad”. They participate in the game towards maximizing their utilities. We prove that in this rational setting, the strategy profile ((cooperate, abort), (cooperate, abort)) is a strict Nash equilibrium. If ((cooperate, abort), (cooperate, abort)) is strict Nash, then fairness and correctness of the protocol are guaranteed.

Removing the Bottleneck for Practical 2PC

Abstract: Secure Two Party Computation (2PC) has the potential to facilitate a wide range of real life applications where privacy of the computation and participants is critical. Nevertheless, this potential has not translated to widespread industry acceptance due to performance issues. Over the years a significant research effort has focused on optimising the performance of 2PC. The computation complexity has been continually improved and recently, following circuit optimisations and hardware support for cryptographic operations, evaluations of 2PC on a single host currently produce efficient results. Unfortunately, when evaluated on remote hosts, the performance remains prohibitive for practical purposes. The bottleneck is believed to be the bandwidth. In this work we explore the networking layer of 2PC implementations and show that the performance bottleneck is inherent in the usage of TCP sockets in implementations of 2PC schemes. Through experimental evaluations, we demonstrate that other transport protocols can significantly improve the performance of 2PC, making it suitable for practical applications.

A Secure Distributed Framework for Agglomerative Hierarchical Clustering Construction

Abstract: This paper presents a general framework for constructing any agglomerative hierarchical clustering algorithm over partitioned data. It is assumed that data is distributed between two (or more) parties horizontally, such that for mutual benefits the participated parties are willing to identify the clusters' structure on their data as a whole, but for privacy restrictions, they avoid to share the original datasets. To this end, in this study, we propose general algorithms based on secure scalar product and secure hamming distance computation to securely compute the desired criteria for shaping the clusters' scheme. The proposed approach covers all possible secure agglomerative hierarchical clustering construction when data is distributed between two (or more) parties, including both numerical and categorical data.

Cut-and-choose bilateral oblivious transfer protocol based on DDH assumption

Abstract: In secure two-party computation protocols, the cut-and-choose paradigm is used to prevent the malicious party who constructs the garbled circuits from cheating. In previous realization of the cut-and-choose technique on the garbled circuits, the delivery of the random keys is divided into multiple stages. Thus, the round complexity is high and the consistency of cut-and-choose challenge should be proved. Based on DDH assumption, we build a so-called cut-and-choose bilateral oblivious transfer protocol, which transfers all necessary keys of garbled circuits in one process. Specifically, in our oblivious transfer protocol, the sender inputs two pairs $$(k_0^1,k_1^1)$$ , $$(k_0^2,k_1^2)$$ and a bit $$\tau$$ ; the receiver inputs two bits $$\sigma$$ and j. After the protocol execution, the receiver obtains $$k_{\tau }^1,k_{\sigma }^2$$ for $$j=1$$ , and $$k_0^1,k_1^1,k_0^2,k_1^2$$ for $$j=0$$ . The protocol inherit the cut-and-choose OT protocol in Lindell and Pinkas (Proceedings of the 8th conference on theory of cryptography, Springer, 2011), and can be applied into the state-of-the-art cut-and-choose secure two party computation protocol without any obstacles. By the cut-and-choose bilateral oblivious transfer protocol, the cut-and-choose challenge j is no need to be opened anymore, therefore the consistency proof of j is omitted, and the round complexity of secure two-party computation protocol can be decreased.

QRES: Quantitative Reasoning on Encrypted Security SLAs.

Abstract: While regulators advocate for higher cloud transparency, many Cloud Service Providers (CSPs) often do not provide detailed information regarding their security implementations in their Service Level Agreements (SLAs). In practice, CSPs are hesitant to release detailed information regarding their security posture for security and proprietary reasons. This lack of transparency hinders the adoption of cloud computing by enterprises and individuals. Unless CSPs share information regarding the technical details of their security proceedings and standards, customers cannot verify which cloud provider matched their needs in terms of security and privacy guarantees. To address this problem, we propose QRES, the first system that enables (a) CSPs to disclose detailed information about their offered security services in an encrypted form to ensure data confidentiality, and (b) customers to assess the CSPs' offered security services and find those satisfying their security requirements. Our system preserves each party's privacy by leveraging a novel evaluation method based on Secure Two Party Computation (2PC) and Searchable Encryption techniques. We implement QRES and highlight its usefulness by applying it to existing standardized SLAs. The real world tests illustrate that the system runs in acceptable time for practical application even when used with a multitude of CSPs. We formally prove the security requirements of the proposed system against a strong realistic adversarial model, using an automated cryptographic protocol verifier.

Symbolic security of garbled circuits.

Abstract: We present the first computationally sound symbolic analysis of Yao's garbled circuit construction for secure two party computation. Our results include an extension of the symbolic language for cryptographic expressions from previous work on computationally sound symbolic analysis, and a soundness theorem for this extended language. We then demonstrate how the extended language can be used to formally specify not only the garbled circuit construction, but also the formal (symbolic) simulator required by the definition of security. The correctness of the simulation is proved in a purely syntactical way, within the symbolic model of cryptography, and then translated into a concrete computational indistinguishability statement via our general computational soundness theorem. We also implement our symbolic security framework and the garbling scheme in Haskell, and our experiment shows that the symbolic analysis performs well and can be done within several seconds even for large circuits that are useful for real world applications.

Quantum secure two party computation for set intersection with rational players

Abstract: Recently, Shi et al. (Phys. Rev. A, 2015) proposed Quantum Oblivious Set Member Decision Protocol (QOSMDP) where two legitimate parties, namely Alice and Bob, play a game. Alice has a secret $k$ and Bob has a set $\{k_1,k_2,\cdots k_n\}$. The game is designed towards testing if the secret $k$ is a member of the set possessed by Bob without revealing the identity of $k$. The output of the game will be either "Yes" (bit $1$) or "No" (bit $0$) and is generated at Bob's place. Bob does not know the identity of $k$ and Alice does not know any element of the set. In a subsequent work (Quant. Inf. Process., 2016), the authors proposed a quantum scheme for Private Set Intersection (PSI) where the client (Alice) gets the intersected elements with the help of a server (Bob) and the server knows nothing. In the present draft, we extended the game to compute the intersection of two computationally indistinguishable sets $X$ and $Y$ possessed by Alice and Bob respectively. We consider Alice and Bob as rational players, i.e., they are neither "good" nor "bad". They participate in the game towards maximizing their utilities. We prove that in this rational setting, the strategy profile $((cooperate, abort), (cooperate, abort)$) is a strict Nash equilibrium. If $((cooperate, abort), (cooperate, abort)$) is strict Nash, then fairness as well as correctness of the protocol are guaranteed.

Secure Two-Party Computation over Unreliable Channels

Abstract: We consider information-theoretic secure two-party computation in the plain model where no reliable channels are assumed, and all communication is performed over the binary symmetric channel (BSC) that flips each bit with fixed probability. In this reality-driven setting we investigate feasibility of communication-optimal noise-resilient semi-honest two-party computation i.e., efficient computation which is both private and correct despite channel noise.

Secure Two Party Computation

Abstract: The goal of secure two-party computation is to enable two parties to cooperatively evaluate a function that takes private data from both parties as input without exposing any of the private data. At the end of the computation, the participants learn nothing more than the output of the function. The two-party secure computation systems have three properties: (1) the application involves inputs from two independent parties; (2) each party wants to keep its own data secret; and (3) the participants agree to reveal the output of the computation. That is, the result itself does not imply too much information about either party’s private input. Informally, the security requirements are that nothing is learned from the protocol other than the output (privacy), and that the output is distributed according to the prescribed functionality (correctness). The threat models in the two-party computation assume the presence of three different types of adversaries: 1) Semi honest, 2) Malicious and 3) Covert.